diff --git a/libretroshare/src/gxs/gxssecurity.cc b/libretroshare/src/gxs/gxssecurity.cc index 4b9ab5938..4e086ac7a 100644 --- a/libretroshare/src/gxs/gxssecurity.cc +++ b/libretroshare/src/gxs/gxssecurity.cc @@ -110,9 +110,9 @@ static void setRSAPrivateKeyData(RsTlvPrivateRSAKey& key, RSA *rsa_priv) } bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key) { -#ifdef GXS_SECURITY_DEBUG +//#ifdef GXS_SECURITY_DEBUG std::cerr << "Checking private key " << key.keyId << " ..." << std::endl; -#endif +//#endif if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_FULL) { @@ -147,15 +147,28 @@ bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key) } bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key) { -#ifdef GXS_SECURITY_DEBUG +//#ifdef GXS_SECURITY_DEBUG std::cerr << "Checking public key " << key.keyId << " ..." << std::endl; -#endif +//#endif if( (key.keyFlags & RSTLV_KEY_TYPE_MASK) != RSTLV_KEY_TYPE_PUBLIC_ONLY) { std::cerr << "(WW) GxsSecurity::checkPublicKey(): public key has wrong flags " << std::hex << (key.keyFlags & RSTLV_KEY_TYPE_MASK) << std::dec << ". This is unexpected." << std::endl; return false ; } + + // try to extract private key + const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data; + long keylen = key.keyData.bin_len; + RSA *rsa_prv = d2i_RSAPrivateKey(NULL, &(keyptr), keylen); + + if(rsa_prv != NULL) + { + std::cerr << "(SS) GxsSecurity::checkPublicKey(): public key with ID " << key.keyId << " actually is a Private key!!!" << std::endl; + RSA_free(rsa_prv) ; + return false ; + } + RSA *rsa_pub = ::extractPublicKey(key) ; if(rsa_pub == NULL) @@ -197,7 +210,7 @@ bool GxsSecurity::generateKeyPair(RsTlvPublicRSAKey& public_key,RsTlvPrivateRSAK RSA_free(rsa); RSA_free(rsa_pub); - if(!(private_key.check() && public_key.check())) + if(!(private_key.checkKey() && public_key.checkKey())) { std::cerr << "(EE) ERROR while generating keys. Something inconsistent in flags. This is probably a bad sign!" << std::endl; return false ; diff --git a/libretroshare/src/serialiser/rstlvkeys.cc b/libretroshare/src/serialiser/rstlvkeys.cc index d50747cb6..5cb06f3ff 100644 --- a/libretroshare/src/serialiser/rstlvkeys.cc +++ b/libretroshare/src/serialiser/rstlvkeys.cc @@ -28,6 +28,7 @@ #include "rstlvbase.h" #include "rsbaseserial.h" #include "util/stacktrace.h" +#include "gxs/gxssecurity.h" #include @@ -96,7 +97,7 @@ bool RsTlvRSAKey::SetTlv(void *data, uint32_t size, uint32_t *offset) const return false; /* not enough space */ } - bool ok = checkFlags(keyFlags); // check before serialise, just in case + bool ok = checkKey(); // check before serialise, just in case /* start at data[offset] */ /* add mandatory parts first */ @@ -184,7 +185,7 @@ bool RsTlvRSAKey::GetTlv(void *data, uint32_t size, uint32_t *offset) std::cerr << std::endl; #endif } - return ok && checkFlags(keyFlags) ; + return ok && checkKey() ; } std::ostream& RsTlvRSAKey::print(std::ostream &out, uint16_t indent) const @@ -217,7 +218,15 @@ std::ostream& RsTlvRSAKey::print(std::ostream &out, uint16_t indent) const } +bool RsTlvPrivateRSAKey::checkKey() const +{ + return bool(keyFlags & RSTLV_KEY_TYPE_FULL) && !bool(keyFlags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && GxsSecurity::checkPrivateKey(*this) ; +} +bool RsTlvPublicRSAKey::checkKey() const +{ + return bool(keyFlags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(keyFlags & RSTLV_KEY_TYPE_FULL) && GxsSecurity::checkPublicKey(*this) ; +} /************************************* RsTlvSecurityKeySet ************************************/ diff --git a/libretroshare/src/serialiser/rstlvkeys.h b/libretroshare/src/serialiser/rstlvkeys.h index 92e09b281..03b41c06d 100644 --- a/libretroshare/src/serialiser/rstlvkeys.h +++ b/libretroshare/src/serialiser/rstlvkeys.h @@ -53,7 +53,7 @@ class RsTlvRSAKey: public RsTlvItem { public: RsTlvRSAKey(); - virtual bool checkFlags(uint32_t flags) const = 0 ; // this pure virtual forces people to explicitly declare if they use a public or a private key. + virtual bool checkKey() const = 0 ; // this pure virtual forces people to explicitly declare if they use a public or a private key. virtual uint32_t TlvSize() const; virtual void TlvClear(); @@ -64,8 +64,6 @@ public: /* clears KeyData - but doesn't delete - to transfer ownership */ void ShallowClear(); - bool check() const { return checkFlags(keyFlags) && (!keyId.isNull()) ; } - RsGxsId keyId; // Mandatory : uint32_t keyFlags; // Mandatory ; uint32_t startTS; // Mandatory : @@ -80,14 +78,14 @@ class RsTlvPrivateRSAKey: public RsTlvRSAKey public: virtual ~RsTlvPrivateRSAKey() {} - virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_FULL) && !bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) ; } + virtual bool checkKey() const ; }; class RsTlvPublicRSAKey: public RsTlvRSAKey { public: virtual ~RsTlvPublicRSAKey() {} - virtual bool checkFlags(uint32_t flags) const { return bool(flags & RSTLV_KEY_TYPE_PUBLIC_ONLY) && !bool(flags & RSTLV_KEY_TYPE_FULL) ; } + virtual bool checkKey() const ; }; class RsTlvSecurityKeySet: public RsTlvItem diff --git a/libretroshare/src/services/p3idservice.cc b/libretroshare/src/services/p3idservice.cc index 1c467a137..22fb8da49 100644 --- a/libretroshare/src/services/p3idservice.cc +++ b/libretroshare/src/services/p3idservice.cc @@ -1699,10 +1699,10 @@ void RsGxsIdCache::init(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& i // do some tests if(details.mFlags & RS_IDENTITY_FLAGS_IS_OWN_ID) { - if(!priv_key.check()) + if(!priv_key.checkKey()) std::cerr << "(EE) Private key missing for own identity " << pub_key.keyId << std::endl; } - if(!pub_key.check()) + if(!pub_key.checkKey()) std::cerr << "(EE) Public key missing for identity " << pub_key.keyId << std::endl; /* rest must be retrived from ServiceString */